It's Scary How Much Personal Data People Leave on Used Laptops and Phones, Researcher Finds

Hack-a-Day explores thermite-based anti-forensic techniques
Screenshot: Jason Rollette (YouTube)

In a dusty plastic bin under my bed lies at least four laptops, six cellphones, and a half-dozen hard drives. I have no idea what’s on any of them. Most of these devices predate the cloud-storage era, and so likely contain solitary copies of photos, texts, and emails, among other confidential files (porn?) that I’d probably be horrified to learn had fallen into the hands of strangers.

In retrospect, I should’ve taken a sledgehammer to my pile of electronic garbage long ago, or maybe tossed it into a burn barrel before soaking the charred remains in a bath of hydrochloric acid. Overkill? Maybe not.

Advertisement

A recent experiment by Josh Frantz, a senior security consultant at Rapid7, suggests that users are taking few if any steps to protect their private information before releasing their used devices back out into the wild. For around six months, he collected used desktop, hard disks, cellphones and more from pawn shops near his home in Wisconsin. It turned out they contain a wealth of private data belonging to their former owners, including a ton of personally identifiable information (PII)—the bread and butter of identity theft.

Frantz amassed a respectable stockpile of refurbished, donated, and used hardware: 41 desktops and laptops, 27 pieces of removable media (memory cards and flash drives), 11 hard disks, and six cellphones. The total cost of the experiment was a lot less than you’d imagine. “I visited a total of 31 businesses and bought whatever I could get my hands on for a grand total of around $600,” he said.

Frantz used a Python-based optical character recognition (OCR) tool to scan for Social Security numbers, dates of birth, credit card information, and other sensitive data. And the result was, as you might expect, not good.

Advertisement

The pile of junk turned out to contain 41 Social Security numbers, 50 dates of birth, 611 email accounts, 19 credit card numbers, two passport numbers, and six driver’s license numbers. Additionally, more than 200,000 images were contained on the devices and over 3,400 documents. He also extracted nearly 150,000 emails.

Screenshot: Josh Frantz / Rapid7

Only two of the devices were erased properly, he said: a Dell laptop and a Hitachi hard drive. And only three were encrypted.

Advertisement

The silver lining here is that, despite how inexpensive the experiment was to perform, it still cost more to gather all that PII than you’d make selling it on any dark net marketplace (though Frantz did not attempt to assess whether any of the documents or photos might hold any value as blackmail material).

“No matter how we calculate the value of the data gathered, we would never recoup our initial investment of around $600,” he said. “This raises a fascinating point: Data leakage/extraction is so common that it has driven down the cost of the data itself. I saw several dumps of Social Security numbers on the Darknet for even less than $1 each.”

A similar study at the University of Hertfordshire recent found that more than two-thirds of used USB drives sold in the U.S. and U.K. still contained the data of their previous owners. Out of 100 drives purchased in the U.S., 64 had data that was deleted deleted, but could easily be recovered.

Advertisement

The important thing to remember is that when a file appears to be deleted, it may not be. On a desktop or laptop computer, when a user deletes a file, the operating system mere flags the space that the data occupies as available to be overwritten. Without this, the workflow would get bogged down, as data erasure is actually more time consuming than you might think. Fifty gigabytes of space, for instance, could take up to an hour or more to properly wipe. Unless the space is overwritten, deleted files can be easily recovered.

There are a lot of tools available to help users properly sanitize a hard disk, such as BitRaser and BitBleach. Used properly, these will generally overwrite data thoroughly enough that most commercial forensic data-recovery tools will be fairly useless. (More authoritative methodologies can be read here.) Frantz recommends using DBAN, also known as Darik’s Boot and Nuke.

But in the end, if you’re device was host to some very sensitive data, why chance it? Demolish that fucker and buy yourself some piece of mind. Frantz offers a few suggestions for how to go about this, in no particular order, include thermite, which is always fun (and stupid-dangerous) to use:

  • Hammer
  • Incineration (be careful of toxic by-products)
  • Industrial shredding
  • Drill/drill press
  • Acid
  • Electrolysis
  • Microwaves
  • Thermite

All of these methods require the use of proper safety gear and some requiring training. Even if you’re just bashing the shit out of an old hard drive with a hammer, don gloves and safety googles and beware of flying shards of circuitry. Never stick a hard drive in your microwave or try to melt it in your oven. If you don’t have a large area clear of all flammable materials, you should not be burning anything, ever. It may even be illegal for you to do so. The inside of your home is not an appropriate place to try and destroy your computer. 

Advertisement

(Just for fun, there’s a great video here of the folks at Hack-a-Day experimenting with “thermite-based anti-forensic techniques.”)

If you don’t have access to any of the tools required, the space, or experience necessary, there’s probably a data destruction company in your area that operates in compliance with various privacy laws like HIPAA.

“If you’re worried about your data ending up in the wrong person’s hands, destroy the data,” said Frantz. “If you wish to do a good deed and donate your technology so others can benefit, make sure it’s at least wiped to an acceptable standard.” Even if a company claims they’ll erase your data for you, he adds, “there’s no good way to know whether that’s actually true unless you perform the wipe yourself.”

Advertisement

Now if you’ll excuse me, I need to find a big ass hammer and some acetone.

About the author

Dell Cameron

Privacy, security, tech policy | Email: dell@gizmodo.com | XMPP: dell@jabber.ccc.de

PGP Fingerprint: A70D 517E FB9A 02C9 C56E 86D5 877E 64E7 10DF A8AE • PGP Key

OTR Fingerprint: 2374A8EA 6D2B7712 0D82D659 C0FE8253 A3F080FD

#####EOF##### Senator Josh Hawley Sucks at Reading Internet Laws

Senator Keeps Attacking a Law Crucial to Internet Speech—Only He Can't Seem to Read It

Sen. Josh Hawley, R-Mo., pauses during a Senate Armed Services Committee hearing on “Nuclear Policy and Posture” on Capitol Hill in Washington, Thursday, Feb. 29, 2019.
Photo: Carolyn Kaster / AP

The economic juggernaut we call the internet has thrived principally thanks to a single U.S. law passed more than two decades ago—Section 230 of the Communications Decency Act. It states quite simply that website operators shall not be treated as the publishers of information posted by their users. To wit, Gizmodo cannot be held liable for some harebrained reader posting a defamatory remark in the comment section below.

Now imagine that starting tomorrow that wasn’t the case: Comments are canceled. There isn’t a company on Earth that would allow its users to say anything at all if the company could be dragged into court the next day and sued out of existence. Most of the top 10 most popular websites in the U.S.—Facebook, Wikipedia, Twitter, and YouTube among them—would quickly go bankrupt.

Advertisement

One U.S. senator, in particular, seems completely befuddled by this law. The concepts behind it have, for months, eluded him. Besides him being purposefully dishonest simply to lather up his conservative constituents, the only explanation is that he can’t read laws very well. For someone whose principal business is the writing of laws, that’s not too reassuring.

On Wednesday, Senator Josh Hawley once again laid into Twitter over a brief and apparently accidental suspension of an account espousing conservative views. And that’s fine; critics of Twitter’s moderation policies span the political spectrum, and it deserves to be criticized for any number of reasons. But as he’s done in the past, Hawley took advantage of the incident to spread misinformation regarding the purpose Section 230, a law that Republicans keep suggesting might need to be dismantled.

Advertisement

See, Twitter suspended the official account for the firm Unplanned, a faith-based, anti-abortion drama that debuted this weekend and raked in over $6 million nationwide. It centers on Abby Johnson, the former director of a Planned Parenthood clinic who quit her job in 2009 and is now a prominent voice of the American anti-abortion movement. (Controversially, it received an R-rating for, according to the MPAA, “some disturbing/bloody images.”)

The account, @UnplannedMovie, was restored in less than two hours. Not unusual, its follower count took a little longer to return to its former number. According to Slate, a Twitter spokesperson said Unplanned’s account was automatically suspended because the system believed the owner had been suspended for good reason in the past. “Twitter scans for evidence of ‘ban evasion’—accounts opened by people who have previously been booted from the platform,” the site reported, adding: “When an account is reinstated after a ban, the company said, it takes time for the follower count to stabilize; the follow-button glitch is a not-uncommon related issue.”

Hawley and fellow Senator Ted Cruz immediately seized upon the incident to lambaste Twitter over what they perceive as a liberal bias. “Big Tech’s attempted censorship of @UnplannedMovie is deeply troubling,” Cruz tweeted. “Why is the Left so afraid of people seeing this powerful story?”

Advertisement

In a letter to Twitter CEO Jack Dorsey, Hawley demanded that Twitter allow a third-party audit of its platform and release the results to the public. “I am rapidly losing confidence that Twitter is committed to the free speech principles that justify immunity under section 230,” he said.

In a press release Wednesday, Hawley’s office wrote that “Section 230 provides tech companies with immunity from liability for illegal content posted by third parties because they provide ‘a forum for a true diversity of political discourse.’”

Only none of that is true. Again, Hawley is either illiterate when it comes to reading laws or he’s simply being intentionally misleading.

Advertisement

Section 230 does not shield websites from liability because they are politically neutral or because they offer “a true diversity of political discourse.” If that were the case, the National Review, Fox News, the Daily Caller, and every right-leaning site offering online political commentary would be fucked; as would ThinkProgress, Splinter, Daily Kos, and every other progressive-leaning site—as would Gizmodo. The law simply has nothing whatsoever to do with politics.

To be fair, Section 230 does mention the phrase “true diversity of political discourse,” but only in reference to the broader internet itself. The actual text, written in 1996, states: “The Internet and other interactive computer services offer a forum for a true diversity of political discourse, unique opportunities for cultural development, and myriad avenues for intellectual activity.” This is one of several “findings” by Congress, which are contained in a separate subsection of the law. Nowhere does the law even vaguely suggest this is a prerequisite or condition of any kind. And no one at a seventh-grade reading level would come to that conclusion. (They might, however, use that sentence to mislead voters into thinking it means something it does not.)

Pure and simple, the concept that every website should have to present both sides of a political argument, or face the possibility of being sued over its user-generated content, is fucking stupid. The very idea of it is antithetical to free speech. Hawley’s belief that government forcing websites to offer political counterarguments to every opinion is somehow emblematic of free speech is bafflingly preposterous. That is the very definition of censorship. And no law enforcing that would ever be upheld by the courts. Not in a million years.

Advertisement

Imagine the real-world equivalent: A bookstore that’s required to sell an equal number of left-wing books as ring-wing books—and any that failed to do that could be sued out of business over the content of the books it sold. Because it’s virtually impossible for a bookseller to know the contents of every book she sells, there would be no bookstores.

Sites like Twitter and Facebook frequently ban, suspend, and punish accounts espousing left-wing views. Fox News, according to a recent study, commands more engagement on Facebook than any other outlet. But whether lawmakers like Hawley and Cruz really believe that Big Tech is out to get them, the legislative solution they’re pitching is, at best, nonsensical. At worst, their plan threatens to undermine the foundation of the internet itself and poses a direct threat to free speech and the global economy on an unthinkable scale.

Either way, this is one of the most bizarre and incoherent narratives about the suppression of online speech ever conceived by a sitting member of Congress.

Advertisement

Senator Hawley has not responded to multiple requests for comment.

About the author

Dell Cameron

Privacy, security, tech policy | Email: dell@gizmodo.com | XMPP: dell@jabber.ccc.de

PGP Fingerprint: A70D 517E FB9A 02C9 C56E 86D5 877E 64E7 10DF A8AE • PGP Key

OTR Fingerprint: 2374A8EA 6D2B7712 0D82D659 C0FE8253 A3F080FD

#####EOF##### Facebook Is Giving Advertisers Access to Your Shadow Contact Information

Facebook Is Giving Advertisers Access to Your Shadow Contact Information

Illustration: Angelica Alzona (Gizmodo Media Group)

Last week, I ran an ad on Facebook that was targeted at a computer science professor named Alan Mislove. Mislove studies how privacy works on social networks and had a theory that Facebook is letting advertisers reach users with contact information collected in surprising ways. I was helping him test the theory by targeting him in a way Facebook had previously told me wouldn’t work. I directed the ad to display to a Facebook account connected to the landline number for Alan Mislove’s office, a number Mislove has never provided to Facebook. He saw the ad within hours.

What Facebook told Alan Mislove about the ad I targeted at his office landline number
Screenshot: Facebook (Alan Mislove)

Advertisement

One of the many ways that ads get in front of your eyeballs on Facebook and Instagram is that the social networking giant lets an advertiser upload a list of phone numbers or email addresses it has on file; it will then put an ad in front of accounts associated with that contact information. A clothing retailer can put an ad for a dress in the Instagram feeds of women who have purchased from them before, a politician can place Facebook ads in front of anyone on his mailing list, or a casino can offer deals to the email addresses of people suspected of having a gambling addiction. Facebook calls this a “custom audience.”

You might assume that you could go to your Facebook profile and look at your “contact and basic info” page to see what email addresses and phone numbers are associated with your account, and thus what advertisers can use to target you. But as is so often the case with this highly efficient data-miner posing as a way to keep in contact with your friends, it’s going about it in a less transparent and more invasive way.

Facebook is not content to use the contact information you willingly put into your Facebook profile for advertising. It is also using contact information you handed over for security purposes and contact information you didn’t hand over at all, but that was collected from other people’s contact books, a hidden layer of details Facebook has about you that I’ve come to call “shadow contact information.” I managed to place an ad in front of Alan Mislove by targeting his shadow profile. This means that the junk email address that you hand over for discounts or for shady online shopping is likely associated with your account and being used to target you with ads.

Advertisement

Facebook is not upfront about this practice. In fact, when I asked its PR team last year whether it was using shadow contact information for ads, they denied it. Luckily for those of us obsessed with the uncannily accurate nature of ads on Facebook platforms, a group of academic researchers decided to do a deep dive into how Facebook custom audiences work to find out how users’ phone numbers and email addresses get sucked into the advertising ecosystem.

Giridhari Venkatadri, Piotr Sapiezynski, and Alan Mislove of Northeastern University, along with Elena Lucherini of Princeton University, did a series of tests that involved handing contact information over to Facebook for a group of test accounts in different ways and then seeing whether that information could be used by an advertiser. They came up with a novel way to detect whether that information became available to advertisers by looking at the stats provided by Facebook about the size of an audience after contact information is uploaded. They go into this in greater length and technical detail in their paper.

Advertisement

They found that when a user gives Facebook a phone number for two-factor authentication or in order to receive alerts about new log-ins to a user’s account, that phone number became targetable by an advertiser within a couple of weeks. So users who want their accounts to be more secure are forced to make a privacy trade-off and allow advertisers to more easily find them on the social network. When asked about this, a Facebook spokesperson said that “we use the information people provide to offer a more personalized experience, including showing more relevant ads.” She said users bothered by this can set up two-factor authentication without using their phone numbers; Facebook stopped making a phone number mandatory for two-factor authentication four months ago.

The researchers also found that if User A, whom we’ll call Anna, shares her contacts with Facebook, including a previously unknown phone number for User B, whom we’ll call Ben, advertisers will be able to target Ben with an ad using that phone number, which I call “shadow contact information,” about a month later. Ben can’t access his shadow contact information, because that would violate Anna’s privacy, according to Facebook, so he can’t see it or delete it, and he can’t keep advertisers from using it either.

The lead author on the paper, Giridhari Venkatadri, said this was the most surprising finding, that Facebook was targeted ads using information “that was not directly provided by the user, or even revealed to the user.”

Advertisement

I’ve been trying to get Facebook to disclose shadow contact information to users for almost a year now. But it has even refused to disclose these shadow details to users in Europe, where privacy law is stronger and explicitly requires companies to tell users what data it has on them. A UK resident named Rob Blackie has been asking Facebook to hand over his shadow contact information for months, but Facebook told him it’s part of “confidential” algorithms, and “we are not in a position to provide you the precise details of our algorithms.”

“People own their address books,” a Facebook spokesperson said by email. “We understand that in some cases this may mean that another person may not be able to control the contact information someone else uploads about them.”

To test the shadow information finding, the researchers tried a real-world test. They uploaded a list of hundreds of landline numbers from Northeastern University. These are numbers that people who work for Northeastern are unlikely to have added to their accounts, though it’s very likely that the numbers would be in the address books of people who know them and who might have uploaded them to Facebook in order to “find friends.” The researchers found that many of these numbers could be targeted with ads, and when they ran an ad campaign, the ad turned up in the Facebook news feed of Mislove, whose landline had been included in the file; I confirmed this with my own test targeting his landline number.

Advertisement

“It’s likely that he was shown the ad because someone else uploaded his contact information via contact importer,” a Facebook spokesperson confirmed when I told the company about the experiment.

Facebook did not dispute any of the researchers’ findings. “We outline the information we receive and use for ads in our data policy, and give people control over their ads experience including custom audiences, via their ad preferences,” said a spokesperson by email. “For more information about how to manage your preferences and the type of data we use to show people ads see this post.”

In that post, “Hard Questions: What Information Do Facebook Advertisers Know About Me?”, Facebook’s vice president of ads Rob Goldman discusses how advertising works on Facebook and what you can do if “I don’t want my data used to show me ads.” The post doesn’t mention the surprising collection or use of contact information for targeted advertising that the researchers discovered.

Advertisement

“I think that many users don’t fully understand how ad targeting works today: that advertisers can literally specify exactly which users should see their ads by uploading the users’ email addresses, phone numbers, names+dates of birth, etc,” said Mislove. “In describing this work to colleagues, many computer scientists were surprised by this, and were even more surprised to learn that not only Facebook, but also Google, Pinterest, and Twitter all offer related services. Thus, we think there is a significant need to educate users about how exactly targeted advertising on such platforms works today.”

While Facebook isn’t upfront about which of your contact information it uses for ads, it is upfront about which advertisers are getting access to you with it. Facebook’s “ad preferences” page has a section devoted to “advertisers you’ve interacted with” where it will show you which advertisers have you in their contact list. My own list has over 300 advertisers on it, very few of whom to which I remember consciously giving my contact information—but if I did it would likely have been a junk email address so that I never had to hear from them again. Mislove says Facebook could be far more transparent here:

“Facebook could also reveal to users which [personal information] was used to target the delivered ad, helping users understand how their [information] is used by advertisers,” said Mislove by email. In other words, Facebook could tell me which email address or phone number all these advertisers have on me. With the involvement of shadow contact information, though, Facebook may have been avoiding that because it doesn’t want me to know what personal information Facebook has on me.

Advertisement

Contact the Special Projects Desk

This post was produced by the Special Projects Desk of Gizmodo Media. Email us at tips@gizmodomedia.com, or contact us securely using SecureDrop.

There are certainly creepier practices happening in the advertising industry, but it’s troubling this is happening at Facebook because of its representations about letting you control your ad experience. It’s disturbing that Facebook is reducing the privacy of people who want their accounts to be more secure by using the information they provide for that purpose to data-mine them for ads. And it’s also troubling to discover another way in which shadow contact information is used, beyond friend recommendations, given that Facebook doesn’t let users see this information about themselves or let them delete it.

Mislove thinks Facebook can make its platform more transparent by telling users everything it knows about them, including all the contact information it’s gathered from various sources, and how that information gets used. He suggests that Facebook let users see all the data it has on them and then let them specify whether it is correct and whether advertisers can use it.

Advertisement

Facebook has claimed that users already have extensive control over what information is made available to advertisers, but that’s not entirely true. When I asked the company last year about whether it used shadow contact information for ads, it gave me inaccurate information, and it hadn’t made the practice clear in its extensive messaging to users about ads. It took academic researchers performing tests for months to unearth the truth. People are increasingly paranoid about the creepy accuracy of the ads they see online and don’t understand where the information is coming from that leads to that accuracy. It seems that, when it came to this particular practice, Facebook wanted to keep its users in the dark.

About the author

Kashmir Hill

Kashmir Hill is the deputy editor for the Special Projects Desk, which produces investigative work across all of Gizmodo Media Group's web sites. She writes about privacy and technology.

PGP Fingerprint: AE77 9CA9 59C8 0469 76D5 CC2D 0B3C BD37 D934 E5E9

#####EOF##### io9 | Gizmodo - Science Fiction and Fantasy News.

So Will Smith Doesn't Exactly *Sing* in Aladdin, But It Works

When it comes to Aladdin songs, “Friend Like Me” is the showstopper. Sure “A Whole New World” is beautiful and “Prince Ali” is catchy, but it’s that big, intro song sung by the genie that sticks in your head the most. So when the lights went down at CinemaCon 2019 and “Friend Like Me” from Guy Ritchie’s upcoming …

The Hobbs & Shaw CinemaCon Footage Referred to Idris Elba's Character as the Black Superman

When the first trailer for Fast & Furious Presents: Hobbs & Shaw was released, io9 was delighted to see that the franchise had finally gone full sci-fi as Idris Elba’s villain, Brixton, had genetically enhanced himself. In a new trailer shown at CinemaCon 2019, the character took that enhancement one step further. He…

A Look Inside the New Book Exploring the Making of Solo: A Star Wars Story

The story behind how Solo came to life is...well, a lot more intriguing than Lucasfilm would want it to be. And while Abrams Books’ latest Star Wars “making of” release may not have the full story you’d perhaps want to hear about Solo specifically, its plethora of behind-the-scenes images paint an intimate picture…

Shazam's Director and Star on Why It's a Kids' Movie with an Important Message About Adults

Shazam is a ridiculously fun and at-times silly film that’ll undeniably appeal to younger moviegoers, while at the same time feeling like a breath of fresh air to adults who’ve grown weary of Warner Bros. and DC’s fondness for grimdark cape stories. But when io9 spoke to director David F. Sandberg and actor Asher…

Travel back to an eccentric period of comics in this Bronze Age Boogie exclusive

The Bronze Age of comics, typically considered the early ’70s through the mid ’80s, was a fascinating period that saw superheroes evolving while pulp genres regained popularity. Books like Conan The Barbarian, Master Of Kung Fu, and Swamp Thing brought epic fantasy, dynamic martial arts, and chilling horror to…

Avatar: The Last Airbender's Writer Says a Possible Season 4 Was Sidelined for Shyamalan's Film

One of the things that made Nickelodeon’s Avatar: The Last Airbender so special was how well it told its story in just the right amount of time, using three seasons to take us through Aang’s journey. Well, turns out there were tentative plans for more—possibly with a redemption arc for Zuko’s sister, Azula. But the…

Advertisement

#####EOF##### A Wannabe Supervillain Built His Own Thermite Cannon

A Wannabe Supervillain Built His Own Thermite Cannon

It’s not often you come across a real-life mad scientist. They’re usually just over-the-top antagonists in comic books, but Colin Furze is the real thing. He has a penchant for building things that often blow up—on purpose—like this impossibly dangerous-looking thermite cannon.

Not familiar with thermite? It’s an especially nasty chemical composition made of metal power and oxide that burns as hot as 2,500 degrees celsius. If it ignites, you don’t want to be anywhere near it, which is why a cannon that puts a lot of distance between you and a flaming thermite grenade isn’t the world’s worst idea.

It should go without saying that building your own thermite cannon is a very dangerous undertaking. But watching a trained... err... professional like Colin build his is still quite entertaining. And you might even learn something about why thermite isn’t exactly something you want to be playing around with.


SPLOID is delicious brain candy. Follow us on Facebook, Twitter, and YouTube.

Advertisement

About the author

#####EOF##### Earther | Gizmodo - Climate, Science and Environmental News.

Instagram Influencers Are Wrecking Public Lands. Meet the Anonymous Account Trying to Stop Them

At this very moment, Southern California is full of poppies, and the poppies are full of influencers. The superbloom—a fun word for a particularly riotous profusion of wildflowers—has brought thousands of tourists flooding into areas across the state, like Lake Elsinore, where access to the Walker Canyon poppy fields…

Watch Five Cheetahs Take Down a Wildebeest in a Heart-Pounding Exclusive Clip From Our Planet

The premise of Our Planet, Netflix’s new nature documentary, is to include humans in the story of Earth. It’s a radically simple concept, and one that makes sense given our increasingly major role in shaping the natural world. But at the end of the day, any David Attenborough-voiced documentary worth its salt better…

Trump’s ‘Unprecedented’ Plan to Restart the Keystone XL Pipeline May Be Illegal

President Donald Trump ratcheted up the drama over the Keystone XL Pipeline Friday when he issued a presidential memorandum to push the oil pipeline through despite a recent court ruling against it. And opponents plan on taking him back to court over it. After all, his action could set a new precedent for presidential…

Scientists Say Climate Change Might Turn Denali Into a Literal Mountain of Shit

Look at that mountain. Isn’t it pretty? Isn’t what you see in the above picture a pretty mountain? “Sure is, Rebecca, you dumb idiot!” you say. “I can recognize a beautiful mountain when I see one, you stupid blogger!” But what if I told you that beneath that pristine snow lies decades worth of hikers’ frozen feces?…

Embattled Louisiana Oil Pipeline Is Complete, But the Fight Isn’t Over

In Louisiana, the controversial Bayou Bridge Pipeline is finally complete. This Monday, it’s set to start transporting up to 480,000 barrels of oil a day between Nederland, Texas, and St. James, Louisiana. That doesn’t mean that its opponents are going to stop challenging this pipeline—and others like it—any time soon.

Giant Space Mirrors, Engineered Glaciers: Presidential Candidate Andrew Yang Shares His Wildest Plans For Fighting Climate Change

Among presidential candidates, Andrew Yang is perhaps the most quixotic. His radical plan universal basic income plan, which offers $1,000 per month to Americans has garnered the most attention. But his platform also includes an equally radical climate plan: Hacking the Earth to save humanity.

Advertisement

#####EOF##### How to Enable Dark Mode Nearly Everywhere It's Available Right Now

How to Enable Dark Mode Nearly Everywhere It's Available Right Now

Screenshot: Gizmodo

Dark mode can make software easier on the eye, give you a refreshing change from the norm, and even save on battery life if you’re using an OLED display—here are all the apps and platforms offering the option of a dark mode right now, and how to enable it in each case.

Windows

Screenshot: Gizmodo

Advertisement

You can enable dark mode on Windows 10 by clicking the cog icon on the Start menu, then choosing Personalization, Colors, and then Dark from the drop-down menu at the top. Pick Custom from the list instead, and you can control dark mode independently at both the OS and app level (if you want Windows itself but not your apps to use it, for instance).

Windows apps

Screenshot: Gizmodo

Advertisement

Some programs on Windows have their own dark modes which you can control on their own. In Mail, for instance, click the cog icon down in the lower left-hand corner, then choose Personalization and tick the Dark mode box. You’ll see there’s another option, Use my Windows mode, which follows whatever the current Windows OS setting is.

Open up Microsoft Edge and you’ll find there’s a dark mode here too: Open the app menu (three dots, top right) then choose Settings and pick Dark under Choose a theme. In Microsoft Office, meanwhile, you can open any file in the suite then select File, Options, General and choose either Dark Gray or Black under the Office Theme heading.

macOS

Screenshot: Gizmodo

Advertisement

To turn on dark mode across the whole of macOS Mojave, open up the Apple menu and choose System Preferences. Pick General, then choose Dark from the two options at the top of the dialog box (you can still set accent colors separately). As on Windows, not all programs will necessarily follow your dark mode directive, but the Apple ones will at least.

macOS apps

Screenshot: Gizmodo

Advertisement

You’ve got a few options when it comes to controlling dark mode in individual Apple apps for macOS too. In Mail, for instance, it’s possible to keep the background of messages light independently of the system-wide setting: Choose Mail and Preferences, open up the Viewing tab, and untick the box that’s labeled Use dark backgrounds for messages.

It’s the same with Notes—if you don’t like the dark backgrounds dark mode introduces, you can switch back this element via Notes, Preferences, and Use dark backgrounds for note content. In Apple Maps on macOS, meanwhile, you can choose View then untick Use Dark Map to keep using a light map even while the rest of the OS is set to dark mode.

Android

Advertisement

Android comes in many forms of course, but on the stock, Google-approved Android 9.x Pie you can enable dark mode by going to Settings then choosing Display, Advanced, Device theme and Dark. Unfortunately, individual apps are under no obligation to follow the lead of Android, but some elements (like the quick settings pane) will turn darker.

Samsung has its own approach, as you might expect—if you go to Settings on a phone with the latest One UI installed, you can pick Display then Night theme to enable Samsung’s take on the dark mode, which at the moment is more comprehensive in its changes than Google’s own effort. You can add a toggle switch for it to the quick settings pane too.

iOS

Screenshot: Gizmodo

Advertisement

As yet, iOS doesn’t have an official dark mode. The nearest you can get is the invert colors feature, which you can find from Settings by tapping General, Accessibility, then Display Accommodations and Invert Colors—choose Smart Invert to exclude images, media, and dark apps from the inversion, or Classic Invert to invert everything on screen.

Facebook Messenger

Screenshot: Gizmodo

Advertisement

Facebook Messenger just started testing out a dark mode for its mobiles app. You may have noticed it’s hidden at the moment—hidden until you send someone, anyone a crescent emoji. Tap the confirmation dialog that appears to turn on dark mode. Facebook says it’ll be fully rolled out and added to the Settings menu in the coming weeks.

YouTube

Screenshot: Gizmodo

Advertisement

You can enable YouTube’s dark mode on the web (for the current browser only) by clicking your avatar, then Dark theme. In the apps for Android and iOS, you need to go to the Settings pane (tap your avatar to find it), then toggle the Dark theme switch to on. On Android, there’s an extra General screen to tap into before you find the toggle switch.

Twitter

Screenshot: Gizmodo

Advertisement

For Twitter on the web, just click your avatar picture and then Night mode and you’re in. On the mobile apps, you can either tap your avatar then the crescent moon icon (bottom left), or you can choose Settings and privacy, Display and sound, and turn the Night mode toggle switch to on. Apparently more dark mode color options might be on the way.

Google Chrome

Screenshot: Gizmodo

Advertisement

Chrome doesn’t have a dark mode per se, but it does have an official Just Black theme. From Settings on the desktop, choose Open Chrome Web Store under Themes then pick Just Black from the gallery. For now, you can’t do the same trick in Chrome for Android or iOS, but dark mode support has been spotted in early beta versions of the mobile browser.

Mozilla Firefox

Screenshot: Gizmodo

Advertisement

Firefox uses themes like Chrome: Choose Add-ons then Themes from the program menu on the desktop, and you can click Enable next to the one you want to use. There’s also an official Enable Night Mode option available on the app menu for Firefox on iOS, but not as yet for Android (you can still install third-party dark themes on Firefox for Android).

Wikipedia

Screenshot: Gizmodo

Advertisement

Wikipedia is one of those apps where you might be doing a lot of reading, and a dark mode can help: From the app Settings screen on Android, tap App theme to choose between Light, Dark, and Black; on iOS, from Settings tap Reading preferences to choose Default, Sepia, Dark, or Black. For the time being there’s no such option available on the web.

Slack

Slack introduced a dark mode in the beta for Android and iOS over the weekend (Windows and macOS users are still out of luck). It’s relatively easy to set up but could take a little while longer to activate than any of the modes above. First, you’ll have to join Slack’s beta program. You can do so by going here for iOS, and here for Android.

Advertisement

It can take from a few minutes to a few hours for Slack to note you’ve joined the beta, at which point you’ll find a new version of Slack available to download. Update the app and then navigate Settings and make certain Dark Mode is enabled.

And the rest...

We can’t go through every single app for Android and iOS with a dark mode, but those are the main ones. Have a dig into the apps you’ve got set up—more of them have the option than you might think. More developers are embracing dark mode all the time as well: It’s even rumored to be on the way for WhatsApp.

Advertisement

About the author

#####EOF##### 540 Million Facebook User Records Exposed Online, Plus Passwords, Comments, and More

540 Million Facebook User Records Exposed Online, Plus Passwords, Comments, and More

Photo: Getty

Researchers at the cybersecurity firm UpGuard on Wednesday said they had discovered the existence of two datasets together containing the personal data of hundreds of millions of Facebook users. Both were left publicly accessible.

In a blog post, UpGuard connected one of the leaky databases to a Mexico-based media company called Cultura Colectiva. The data set reportedly contains over 146 GB of data, which amounts to over 540 million Facebook user records, including comments, likes, reactions, account names, Facebook user IDs, and more.

Advertisement

A second leak, UpGuard said, was connected to a Facebook-integrated app called “At the pool” and had exposed roughly 22,000 passwords. “The passwords are presumably for the ‘At the Pool’ app rather than for the user’s Facebook account, but would put users at risk who have reused the same password across accounts,” the firm said. The database also contained data on users’ friends, likes, groups, and locations where they had checked in, said UpGuard.

Both datasets were stored in unsecured Amazon S3 buckets and could be accessed by virtually anyone. Neither was password protected. The buckets have since been secured or taken offline.

“The data sets vary in when they were last updated, the data points present, and the number of unique individuals in each,” UpGuard said. “What ties them together is that they both contain data about Facebook users, describing their interests, relationships, and interactions, that were available to third party developers.”

Advertisement

Added Upguard: “As Facebook faces scrutiny over its data stewardship practices, they have made efforts to reduce third party access. But as these exposures show, the data genie cannot be put back in the bottle. Data about Facebook users has been spread far beyond the bounds of what Facebook can control today.”

Facebook did not immediately respond to Gizmodo’s request for comment.

This is a developing story. Check back for updates.

Update, 2:30pm: Facebook gave the following statement:

“Facebook’s policies prohibit storing Facebook information in a public database. Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people’s data.”

Advertisement

Update, 3:40pm: Added text clarifying that the 22,000 passwords discovered by UpGuard belong to Facebook users, but may not grant access to actual Facebook accounts. UpGuard reported that, “presumably,” the passwords would grant access to the now-defunct app, though the researchers warned it “put users at risk who have reused the same password across accounts.”

About the author

Dell Cameron

Privacy, security, tech policy | Email: dell@gizmodo.com | XMPP: dell@jabber.ccc.de

PGP Fingerprint: A70D 517E FB9A 02C9 C56E 86D5 877E 64E7 10DF A8AE • PGP Key

OTR Fingerprint: 2374A8EA 6D2B7712 0D82D659 C0FE8253 A3F080FD

#####EOF##### AI Can Now Fake Fingerprints That Fool Biometric ID Scanners

AI Can Now Fake Fingerprints That Fool Biometric ID Scanners

Photo: Leon Neal (Getty)

Artificial Intelligence researchers used a neural network to create fake fingerprints that could be a hacker’s dream tool.

Five researchers, led by Philip Bontrager of the New York University engineering school, developed what they have called “DeepMasterPrints.” The Guardian reported that the research was presented at a biometrics conference in Los Angeles in October. As the Guardian points out, their report, published last month, explains how the fake prints they generated could replicate more than one in five real fingerprints in a biometric identification system.

Advertisement

The paper suggests this technique could be used to create replicated fingerprints that could be used in something akin to a “dictionary attack,” but instead of software that runs millions of popular passwords through a system, a DeepMasterPrints-inspired tool could run several fake fingerprints through a system to see if any prints match any accounts.

Screenshot: Philip Bontrager, Aditi Roy, Julian Togelius, Nasir Memon, Arun Ross (eepMasterPrints: Generating MasterPrints for Dictionary Attacks via Latent Variable Evolution)

The key to their research is that many fingerprint scanners only read a portion of a print, and some different fingertip portions have more in common than others.

Advertisement

So when researchers created new prints by feeding a set of real fingerprints into a generative adversarial network, they only needed to create prints that matched certain portions of other fingerprints—the portions that tend to have commonalities.

It’s unlikely someone could use such a technique to break into your phone (as one report suggests). “A similar setup to ours could be used for nefarious purposes, but it would likely not have the success rate we reported unless they optimized it for a smartphone system,” Bontrager told Gizmodo. “This would take a lot of work to try and reverse engineer a system like that.”

But if a hacker accessed a system with many fingerprint-accessible accounts, they’d have a good shot at cracking into a few of them.

Advertisement

Bontrager and his team want their research to inspire companies to step up fingerprint-security efforts. “Without verifying that a biometric comes from a real person, a lot of these adversarial attacks become possible,” Bontrager said. “The real hope of work like this is to push toward liveness detection in biometric sensor.”

[The Guardian]

About the author

Jennings Brown

Senior editor and reporter at Gizmodo

#####EOF##### How Facebook Figures Out Everyone You've Ever Met

How Facebook Figures Out Everyone You've Ever Met

In real life, in the natural course of conversation, it is not uncommon to talk about a person you may know. You meet someone and say, “I’m from Sarasota,” and they say, “Oh, I have a grandparent in Sarasota,” and they tell you where they live and their name, and you may or may not recognize them.

You might assume Facebook’s friend recommendations would work the same way: You tell the social network who you are, and it tells you who you might know in the online world. But Facebook’s machinery operates on a scale far beyond normal human interactions. And the results of its People You May Know algorithm are anything but obvious. In the months I’ve been writing about PYMK, as Facebook calls it, I’ve heard more than a hundred bewildering anecdotes:

  • A man who years ago donated sperm to a couple, secretly, so they could have a child—only to have Facebook recommend the child as a person he should know. He still knows the couple but is not friends with them on Facebook.
  • A social worker whose client called her by her nickname on their second visit, because she’d shown up in his People You May Know, despite their not having exchanged contact information.
  • A woman whose father left her family when she was six years old—and saw his then-mistress suggested to her as a Facebook friend 40 years later.
  • An attorney who wrote: “I deleted Facebook after it recommended as PYMK a man who was defense counsel on one of my cases. We had only communicated through my work email, which is not connected to my Facebook, which convinced me Facebook was scanning my work email.”

Connections like these seem inexplicable if you assume Facebook only knows what you’ve told it about yourself. They’re less mysterious if you know about the other file Facebook keeps on you—one that you can’t see or control.

Behind the Facebook profile you’ve built for yourself is another one, a shadow profile, built from the inboxes and smartphones of other Facebook users. Contact information you’ve never given the network gets associated with your account, making it easier for Facebook to more completely map your social connections.

Advertisement

Shadow contact information has been a known feature of Facebook for a few years now. But most users remain unaware of its reach and power. Because shadow-profile connections happen inside Facebook’s algorithmic black box, people can’t see how deep the data-mining of their lives truly is, until an uncanny recommendation pops up.

Facebook isn’t scanning the work email of the attorney above. But it likely has her work email address on file, even if she never gave it to Facebook herself. If anyone who has the lawyer’s address in their contacts has chosen to share it with Facebook, the company can link her to anyone else who has it, such as the defense counsel in one of her cases.

Facebook will not confirm how it makes specific People You May Know connections, and a Facebook spokesperson suggested that there could be other plausible explanations for most of those examples—“mutual friendships,” or people being “in the same city/network.” The spokesperson did say that of the stories on the list, the lawyer was the likeliest case for a shadow-profile connection.

Handing over address books is one of the first steps Facebook asks people to take when they initially sign up, so that they can “Find Friends.” The “Find Friends” option on desktop is very basic:

You enter your email address and then your email password, and Facebook will tell you everyone you know on Facebook. Meanwhile, Facebook holds on to all the contacts you handed over.

Advertisement

The “Find Friends” page in the Facebook smartphone app is more inviting, presenting a picture of a spray of flowers and inviting the user to “See who’s on Facebook by continuously uploading your contacts.”

Down in the fine print, below the “Get Started” button, the page states that “Info about your contacts...will be sent to Facebook to help you and others find friends faster.” This is vague, and the purpose remains vague even after you click on “Learn More”:

When you choose to find friends on Facebook, we’ll use and securely store information about your contacts, including things like names and any nicknames; contact photo; phone numbers and other contact or related information you may have added like relation or profession; as well as data on your phone about those contacts. This helps Facebook make recommendation for you and others, and helps us provide a better service.

Take a look at all the possible information associated with a contact on your phone. Then consider the accumulated data your phone is carrying about various people, whether lifelong friends or passing acquaintances.

Facebook warns users to be judicious about using all this data. “You may have business or personal contacts in your phone,” the Learn More screen admonishes the reader. “Please only send friend requests to people you know personally who would welcome the invite.”

Advertisement

Having issued this warning, and having acknowledged that people in your address book may not necessarily want to be connected to you, Facebook will then do exactly what it warned you not to do. If you agree to share your contacts, every piece of contact data you possess will go to Facebook, and the network will then use it to try to search for connections between everyone you know, no matter how slightly—and you won’t see it happen.


Facebook doesn’t like, and doesn’t use, the term “shadow profiles.” It doesn’t like the term because it sounds like Facebook creates hidden profiles for people who haven’t joined the network, which Facebook says it doesn’t do. The existence of shadow contact information came to light in 2013 after Facebook admitted it had discovered and fixed “a bug.” The bug was that when a user downloaded their Facebook file, it included not just their friends’ visible contact information, but also their friends’ shadow contact information.

The problem with the bug, for Facebook, was not that all the information was lumped together—it was that it had mistakenly shown users the lump existed. The extent of the connections Facebook builds around its users is supposed to be visible only to the company itself.

Facebook does what it can to underplay how much data it gathers through contacts, and how widely it casts its net. “People You May Know suggestions may be based on contact information we receive from people and their friends,” Facebook spokesperson Matt Steinfeld wrote in an email. “Sometimes this means that a friend or someone you know might upload contact information—like an email address or phone number—that we associate with you. This and other signals from you help us to make sure that the people we suggest are those you likely already know and want to become friends with on Facebook.”

Users of Instagram and WhatsApp, which are owned by Facebook, can also upload contacts to those apps, but Steinfeld said that Facebook does not currently use that data for Facebook friend suggestions. “Today, we use contacts uploaded to Facebook and Messenger to inform PYMK suggestions,” he wrote.


Contact the Special Projects Desk

This post was produced by the Special Projects Desk of Gizmodo Media. Reach our team by phone, text, Signal, or WhatsApp at (917) 999-6143, email us at tips@gizmodomedia.com, or contact us securely using SecureDrop.

Advertisement

Through the course of reporting this story, I discovered that many of my own friends had uploaded their contacts. While encouraging me to do the same, Facebook’s smartphone app told me that 272 of my friends have already done so. That’s a quarter of all my friends.

But big as it is, that’s not even the relevant number. When Steinfeld wrote “a friend or someone you might know,” he meant anyone—any person who might at some point have labeled your phone number or email or address in their own contacts. A one-night stand from 2008, a person you got a couch from on Craiglist in 2010, a landlord from 2013: If they ever put you in their phone, or you put them in yours, Facebook could log the connection if either party were to upload their contacts.

That accumulation of contact data from hundreds of people means that Facebook probably knows every address you’ve ever lived at, every email address you’ve ever used, every landline and cell phone number you’ve ever been associated with, all of your nicknames, any social network profiles associated with you, all your former instant message accounts, and anything else someone might have added about you to their phone book.

As far as Facebook is concerned, none of that even counts as your own information. It belongs to the users who’ve uploaded it, and they’re the only ones with any control over it.

It’s what the sociologist danah boyd calls “networked privacy”: All the people who know you and who choose to share their contacts with Facebook are making it easier for Facebook to make connections you may not want it to make—say if you’re in a profession like law, medicine, social work, or even journalism, where you might not want to be connected to people you encounter at work, because of what it could reveal about them or you, or because you may not have had a friendly encounter with them.

Advertisement

Imagine the challenge for people trying to maintain two different identities, such as sex workers or undercover investigators. Not only do you have to keep those identities apart like a security professional, you have to make sure that no one else links them either. If just one person you know has contact information for both identities and gives Facebook access to it, your worlds collide. Bruce Wayne and Clark Kent would be screwed.


Shadow profile data powers Facebook’s effort to connect as many people as possible, in as many ways as possible. The company’s ability to perceive the threads connecting its billion-plus users around the globe led it to announce last year that it’s not six degrees that separate one person from another—it’s just three and a half.

With its vast, hidden black book, Facebook can go beyond simply matching you directly with someone else who has your contact information. The network can do contact chaining—if two different people both have an email address or phone number for you in their contact information, that indicates that they could possibly know each other, too. It doesn’t even have to be an address or phone number that you personally told Facebook about.

This is how a psychiatrist’s patients were recommended to one another and may be why a man had his secret biological daughter recommended to him. (He and she would have her parents’ contact information in common.) And it may explain why a non-Facebook user had his ex-wife recommended to his girlfriend. Facebook doesn’t keep profiles for non-users, but it does use their contact information to connect people.

“Mobile phone numbers are even better than social security numbers for identifying people,” said security technologist Bruce Schneier by email. “People give them out all the time, and they’re strongly linked to identity.”

Advertisement

Facebook won’t tell you how many people who aren’t your friends have handed over your contact information. The contents of your shadow profiles are not yours to see.

As Violet Blue wrote in Cnet at the time of the shadow-profile bug, “What the revelation means is that Facebook has much more information on us than we know, it may not be accurate, and despite everyone’s best efforts to keep Facebook from knowing our phone numbers or work email address, the social network is getting our not-for-sharing numbers and email addresses anyway by stealing them (albeit through ‘legitimate’ means) from our friends.”

What if you don’t like Facebook having this data about you? All you need to do is find every person who’s ever gotten your contact information and uploaded it to Facebook, and then ask them one by one to go to Facebook’s contact management page and delete it.

Just don’t miss anyone. “Once a contact is deleted, we remove it from our system—but of course it is possible that the same contact has been uploaded by someone else,” Steinfeld wrote in an email.

The shadow profiles, like the People You May Know system they feed into, can’t be turned off or opted out of. The one thing you can do to impede Facebook’s contacts-based connections is, through its Privacy Settings menu, keep people from finding your profile by searching your phone number or email address. (Yes, Facebook functions as a reverse phone-number look-up service; under the default settings, anyone can put your phone number into the search bar and pull up your account.)

“Let’s say you’ve shared your phone number [or email address] with a lot of people and don’t want strangers using it to search for you on Facebook,” Steinfeld wrote. “You can limit who can look you up on Facebook by that phone number [or email address] to ‘friends.’ This is also a signal that People You May Know uses. So if a stranger uploads his address book including that phone number [or email address, it] won’t be used to suggest you to that stranger in People You May Know.”

Advertisement

These privacy settings are an undocumented way to control to whom you get recommended in People You May Know.

But you can only block People You May Know from using information you’ve actively provided to Facebook, not what’s in your shadow profile. So to protect your privacy, you need to provide Facebook with even more information about you.

I asked if Facebook would consider sharing shadow profile information with its users, much like it accidentally shared it with their friends four years ago. Facebook says it can’t because it would be a privacy violation of those who gave the information.

“When you choose to upload your contacts to Facebook, we consider your privacy along with the privacy of the friends, family, and others who gave you their phone number or email address,” said Facebook spokesperson Matt Steinfeld by email. “We acknowledge that people might want to see the contact information that’s been uploaded about them to Facebook, but we also have a responsibility to the people choosing to upload this information. This is a balance and we’ll continue listening to people’s feedback.”

Steinfeld also said that while Facebook doesn’t currently “offer a way for people to manage the contact information others have uploaded that might be related to them, this is something I’ve shared with the team.”

As usual, I asked to speak with the People You May Know team directly, but was turned down.

About the author

Kashmir Hill

Kashmir Hill is the deputy editor for the Special Projects Desk, which produces investigative work across all of Gizmodo Media Group's web sites. She writes about privacy and technology.

PGP Fingerprint: AE77 9CA9 59C8 0469 76D5 CC2D 0B3C BD37 D934 E5E9

#####EOF##### Why You Should Stop Using Telegram Right Now 

Why You Should Stop Using Telegram Right Now 

Telegram, the supposedly secure messaging app, has over 100 million users. You might even be one of them. If you are, you should probably stop using it right now. Here’s the unfortunate truth about Telegram: it’s not as secure as the company’s marketing campaigns might lead you to believe.

According to interviews with leading encryption and security experts, Telegram has a wide range of security issues and doesn’t live up to its proclamations as a safe and secure messaging application.

Advertisement

One major problem Telegram has is that it doesn’t encrypt chats by default, something the FBI has advocated for. “There are many Telegram users who think they are communicating in an encrypted way, when they’re not because they don’t realize that they have to turn on an additional setting,” Christopher Soghoian, Principal Technologist and Senior Policy Analyst at the American Civil Liberties Union, told Gizmodo. “Telegram has delivered everything that the government wants. Would I prefer that they used a method of encryption that followed industry best practices like WhatsApp and Signal? Certainly. But, if its not turned on by default, it doesn’t matter.”

There’s no reason to not encrypt your messages by default, especially as an application that brands itself one that makes security a high priority. Contrary to the opinions of almost every encryption and security expert, Telegram’s FAQ touts itself as more secure as WhatsApp. But in reality, WhatsApp uses the most highly praised encryption protocol on the market and encrypts every text message and call by default.

Advertisement

Besides making flawed product choices like offering non-encrypted chatting, a boon to would-be hackers or government surveillance programs, experts also indicate that the actual encryption technology is flawed. Telegram did what’s known as “rolling their own encryption,” which is widely considered to be a fatal flaw when developing encrypted messaging apps.

“They use the MTproto protocol which is effectively homegrown and I’ve seen no proper proofs of its security,” Alan Woodward, professor at the University of Surrey told Gizmodo. Woodward criticized Telegram for their lack of transparency regarding their home cooked encryption protocol. “At present we don’t know enough to know if it’s secure or insecure. That’s the trouble with security by obscurity. It’s usual for cryptographers to reveal the algorithms completely, but here we are in the dark. Unless you have considerable experience, you shouldn’t write your own crypto. No one really understands why they did that.”

“When experts universally praise the Signal protocol that Open Whisper Systems uses and that WhatsApp uses, there is no reason to roll your own encryption,” Soghoian said. “This is computer security 101. There’s no reason to roll your own when something perfectly good already exists that has been audited extensively.”

Advertisement

“They basically made up a protocol,” Matthew Green, a professor of cryptography at Johns Hopkins University, told the Daily Dot last year. “According to their blog post, they have a couple of really brilliant mathematicians who aren’t really cryptographers but were smart, so they came up with their own protocol. It’s pretty crazy. It’s not something that a cryptographer would use. That said, I don’t know if it’s broken. But it’s just weird.”

The app also leaks metadata “like a champion,” Woodward said. Earlier this year a security researcher discovered that an attacker could figure out when a user was online and offline, which could help determine who you are talking to and when you use the app.

Leaking Telegram metadata

Advertisement

So the point is, if you’re looking to communicate securely, just use Signal, iMessage, or WhatsApp. Telegram has too many potential flaws and hiccups that may compromise its integrity as a secure messaging application.

About the author

William Turton

Staff Writer, Gizmodo | Send me tips: william.turton@gizmodo.com

PGP Fingerprint: 88DF AB75 FAFC 1D10 4C45 A875 CA45 ABE6 B08D 8E52 • PGP Key

OTR Fingerprint: 47F02E79 399AB8FA CC2A4DEF 4573B25F 18AB41D2

#####EOF##### Privacy - Tech and Science Tips, Reviews, News And More. | Gizmodo

Advertisement

Want Gizmodo’s email newsletter?
#####EOF##### We Do Not Recommend Making a Sword With Thermite, But Hey

We Do Not Recommend Making a Sword With Thermite, But Hey

Thermite, a mixture of powdered iron oxides and aluminum, can be burned to produce temperatures it would be hard to argue are truly safe outside of a meticulously controlled environment (over 4,000 degrees Fahrenheit / 2,200 degrees Celsius). It’s used for a variety of purposes, from metal cutting and welding to military incendiaries.

It can also be used, apparently, to very quickly whip yourself up a sword (albeit not necessarily a very good one).

Advertisement

Kevin Kohler, the Backyard Scientist famous and slightly notorious on YouTube for experiments like building a molten-metal squirt gun and dropping cans of compressed air into boiling water, decided to use this extremely dangerous substance in conjunction with some molds to immediately melt steel into some form of scimitar. To Kohler’s credit, after one failed round in which the thermite terrifyingly spurted out of the sides of his mold, and a subsequent round involving “cutting, grinding, welding and polishing” plus heat treatment, the resulting blade was capable of cutting through some cans.

As he also admitted, it was heavy, did not appear to have an ideal physical composition and its cutting edge was pitted through, so this is probably not something you would want to use on a battlefield.

Please don’t try this at home, but if you do, don’t wear shorts. 

[YouTube]

Advertisement

About the author

Tom McKay

"... An upperclassman who had been researching terrorist groups online." - Washington Post

#####EOF##### Data Destruction - Tech and Science Tips, Reviews, News And More. | Gizmodo

Advertisement

Want Gizmodo’s email newsletter?
#####EOF##### 11 Things Your Phone Can Do That You Might Not Know About

11 Things Your Phone Can Do That You Might Not Know About

Photo: Sam Rutherford (Gizmodo)

You use your smartphone a lot, we’re sure of that, but you’re probably just touring round the same apps and the same settings day after day. Are you aware of everything your pocketable mobile device is capable of? Here are 11 features you might have missed that should come in useful somewhere down the line.


1) Snap photos while recording videos

Image: Apple

Advertisement

The more eagle-eyed among you may have spotted this one already, but it’s actually really easy to snap still images while you’re recording videos, whether you’re on iOS or Android: note the camera shutter button just to the side of the main red video recording button.

You don’t get pictures as good as those snapped with the main camera mode, but it can be a handy way to quickly capture something that’s happening without breaking the flow of the video. Open up the default camera app on Android or iOS to try it out.


2) Put your phone in emergency or lockdown mode

Screenshot: Gizmodo

Advertisement

We hope you never use it, but hold down the side button and a volume buttons on a newer iPhone to access an Emergency SOS option: It disables Face ID and Touch ID, and calls the emergency services (visit Emergency SOS in Settings to configure exactly how it works).

Stock Android doesn’t have this yet, but you can disable biometric unlocking in Android 9 Pie. From Settings, choose Security & location, Lock screen preferences, and Show lockdown option to add it to the menu that appears when you hit the power button.


3) Use your phone as a level

Screenshot: Gizmodo

Advertisement

The level is hidden away on iOS but once you know where it is, you can use it to gauge the level of any surface using the sensors in your iPhone or iPad: Open up the Measure app (now with extra AR magic), then tap the Level option at the bottom.

You don’t get the same sort of functionality built into Android, unfortunately, but plenty of third-party apps are around to plug the gap. Bubble Level (free with ads) is one of the best we’ve tried, while Level With Voice (free with ads) gives audible as well as visual feedback.


4) Read out your texts

Screenshot: Gizmodo

Advertisement

You’re not still using your eyes to read your incoming text messages are you? Because the smart assistant built into your phone can read out your SMSes, among all the other jobs it does—this is a trick that’ll work with both Siri on iOS and Google Assistant on Android.

On an iPhone you need to say, “hey Siri, read me my texts” (and you’ll get the option to reply or have them repeated after each one as well). On an Android device, you need to say “hey Google, read me my texts” (and again you can have them repeated or reply to them).


5) Restrict other people to one app

Screenshot: Gizmodo

Advertisement

Here’s how to hand over your phone to other people without fear, by locking them to one app. On iOS, from Settings choose General, Accessibility, then Guided Access to enable the feature, and then triple-tap the side button in the app you want to lock your guest to.

On Android, make sure Screen pinning is on in the Security & location screen in Settings. Swipe up to see your open apps, then tap an app icon at the top to find the Pin option. On both iOS and Android, your phone needs to be unlocked again to switch to a different app.


6) Set custom ringtones and vibrations

Screenshot: Gizmodo

Advertisement

This is perfect for knowing instantly whether you need to pick up your phone or pull it out of your pocket or not—set up custom ringtones (Android and iOS) or custom vibrations (iOS only) to match specific contacts, so you know who’s calling or texting you right away.

On iOS, open up a contact (in Contacts) then tap Edit and either Ringtone or Text Tone to make changes. On Android, open up a contact (in Contacts), tap the menu button (three dots, top right), then Set ringtone. To change vibrations, you need an app like this one.


7) Launch the digital assistant quietly

Screenshot: Gizmodo

Advertisement

You can use your phone’s AI powers without speaking or getting spoken responses (like if you’re in the library). On Android, open Google Assistant then tap the four colored dots at the bottom. Tap the keyboard icon, and type out your query for a silent response.

If you’re using an iPhone or iPad, go to Settings then pick General, Accessibility, and Siri to enable the Type to Siri option. When you press and release the side button, you’ll be able to type your request rather than speak it, and get a text response back in return.


8) Get ready for bed

Screenshot: Gizmodo

Advertisement

With the swathe of digital wellness features added to iOS 12 and Android 9 are modes for winding down before bedtime: The screen dims, certain apps become unavailable (unless you exit the mode again), and most of your contacts won’t be able to get in touch with you.

Apple calls it Downtime, which you can enable and configure via Screen Time from Settings. Google calls it Wind Down, available through Digital Wellbeing in Settings: As on iOS, you can set the start and end times, as well as the options for the quiet mode.


9) Control your big screen television

Screenshot: Gizmodo

Advertisement

Your phone can double up as a remote for your big screen television set, if it’s got the right box plugged in. If you’ve got an Android TV device, get Android TV Remote Control on your Android phone; if you’ve got an Apple TV, install the Apple TV Remote on your iPhone.

The controls don’t stop there. If you’re trying to get a Roku stick working, you can use the Roku app for Android or iOS, and there’s an Amazon Fire TV app for Android or iOS too that functions in a similar way. These remotes make text input a lot easier, if nothing else.


10) Flash for notifications

Screenshot: Gizmodo

Advertisement

If your phone is set to silent and turned face down, but you still want to know when notifications arrive, use the LED flash to tell you. On an iPhone, go to Settings and tap General and Accessibility, then enable the LED Flash for Alerts toggle switch.

The feature is available on Android too, but only if you’re using a Samsung handset: If that’s the case go to Settings then pick Accessibility, Hearing, and Flash Notification. For non-Samsung phones, try Flash Notification or Flashlight Notification (both free with ads).


11) Disable Do Not Disturb based on location

Screenshot: Gizmodo

Advertisement

iOS can enable Do Not Disturb mode until you leave your current location, but to find the option you have to go through the Control Center, not Settings: Tap and hold the Do Not Disturb (crescent moon) icon in Control Center, then select Until I leave this location.

There’s no such built-in shortcut available on Android devices, alas, but some other workarounds are available. You can use IFTTT (If This Then That) to mute your ringtone when you enter or exit an area, or the excellent Tasker ($3) can do the same job for you.

About the author

#####EOF##### Please, for the Love of God, Make Sure You Delete Things Properly

Please, for the Love of God, Make Sure You Delete Things Properly

Photo: Fredy Jacob (Unsplash)
GarbageThis week, we are writing about waste and trash, examining the junk that dominates our lives, and digging through garbage for treasure.  

Your personal data—be it financial spreadsheets or web searches—is not something you want to be leaving behind for other people to find, and totally wiping your activity off devices or the web takes a few more steps than you might have realized. Don’t worry though, as we’re going to walk you through the process.

Your smartphone or tablet

So you’re selling your phone or tablet, or giving it away to a niece or nephew, or donating it to a museum... whatever the scenario, if it’s leaving your possession you want to be absolutely sure everything is gone from it. Having the next owner log into your Twitter account and flick through your photos is not something you want to happen.

Advertisement

Screenshot: Gizmodo

The good news is it’s relatively easy to securely wipe your phone, as long as data on it has been encrypted: This has been standard practice on Android devices since Marshmallow version 6.0 in 2015, and on iOS devices for even longer. As long as you have a PIN, face, or fingerprint to unlock your device, the data is protected.

That encryption means when you factory reset your phone or tablet, it’s virtually impossible for anyone to recover the data, even if they pried the storage modules out of your mobile device and tried to read them in another machine. You can double-check your Android device uses encryption by tapping Security then Advanced in Settings.

Advertisement

To perform a factory reset on Android—after making sure you’ve taken off and backed up everything you need to, of course—go to Settings then tap System, Advanced, Reset options, and Erase all data (factory reset). Tap through the confirmation prompts to confirm that’s what you really want to do, and you’re good to go.

Screenshot: Gizmodo

For those of you using iOS, open up Settings, then choose General, Reset, and Erase All Content and Settings to leave yourself with a factory-fresh phone purged of all your data. Again, don’t start the reset process until you’re sure you’ve got your photos, music, and everything else you need safely stored somewhere else.

Advertisement

Your computer

The same idea applies to your laptop as on your phone, and fortunately modern day Windows and macOS machines are much better at secure wipes than they were once upon a time. Windows 10 doesn’t encrypt disks by default (VeraCrypt is good if you’re in the market for this extra protection), but it can securely erase files during a reset.

Screenshot: Gizmodo

Advertisement

That means it puts files beyond the reach of data recovery programs and third parties who might want to pick data off your hard drive after you’re done with it. With your important data backed up, open Windows Settings, then choose Update & Security and switch to the Recovery tab. Click Get started under Reset this PC, choose Remove everything, and then make sure you pick Remove files and clean the drive on the next dialog.

Wiping and resetting macOS computers is also straightforward: They’ve been encrypted by default since OS X Yosemite 10.10 (2014) onwards via a tool called FileVault. To make sure it’s up and running, open the Apple menu, click System Preferences, then choose Security & Privacy and FileVault. If it’s not been enabled for whatever reason, you can do that here.

Encrypted data is virtually impossible to recover, so you know a full reset means a full reset—ensure all your personal data and important files are safely copied somewhere else before you start. Open the Apple menu, choose Restart, then hold down Cmd+R as your machine starts up again.

Advertisement

Screenshot: Gizmodo

Choose Disk Utility from the list of options, then select the drive holding the operating system and files on your computer. Click Erase at the top, select Mac OS Extended (Journaled), when prompted, then click Erase again. After the process has been completed, you can choose to reinstall macOS or leave it for the next user (hit Cmd+Q then Shut Down to turn the Mac off).

Your web accounts

We can’t go through every web account you might have signed up for but we can give you some pointers for the main ones. Your options are going to vary from service to service. For example, it can take up to 90 days for Facebook to delete all your data past the point you’ve decided to get rid of your account.

Advertisement

Screenshot: Gizmodo

If you want to wipe your Facebook account, open the Settings page on the web, then click Your Facebook information, Delete your account and information, and Delete Account (taking advantage of the data export options listed if you want to use them). If you want to keep using Facebook Messenger, choose Deactivate Account, but your personal data won’t be erased—just hidden.

The process is similarly straightforward on Twitter: Go to the Settings page in your browser, then choose Deactivate your account. Enter your password, confirm your choice, and you’re done—you can get your account back for up to 30 days afterward, but after that, it’s gone forever. Remember to export your tweets if you want to save them.

Advertisement

Screenshot: Gizmodo

Various third-party services will delete a subsection of Facebook posts or Twitter tweets for you, but considering their reliability and privacy standards can be suspect, we find it difficult to recommend them—use one of these tools at your own risk.

Google keeps a whole stack of data on you, and the Activity controls page online is your way into erasing some or all of it from existence. Use the toggle switches to stop logging data in the future, or one of the My activity links to delete it—if you then choose Delete activity by, you can wipe recorded data by date and Google service. If you want copies first, go to Google Takeout.

Advertisement

Screenshot: Apple

Sometimes it’s easier just to go into the Google app or service in question. In Gmail click All Mail on the left, then the selection box in the top left corner above your most recent email. Choose Select all... (which will tell you how many messages are in your Gmail account), then click the Delete icon to send them to Trash. The emails will stick around for 30 days unless you click Trash and Empty Trash now.

Want to go nuclear on everything Apple has on you? iTunes purchases, calendar entries, iCloud emails, iCloud photos? Well, Apple will let you do it if you go to this page on the web: Once you’ve signed in, click Request to delete your account, read through the information, and confirm your choice at the bottom.

Advertisement

Your other activity

Your data is floating around in all kinds of places you might not think about. If you’re ditching your smart speaker, why not delete everything you’ve said to Alexa at the same time? From this device page on the web, click the button to the left of your Echo, then choose Manage voice recordings and Delete.

Screenshot: Gizmodo

Advertisement

Most cloud storage services worth their monthly fee will keep deleted files around for a while in case you suddenly find you need them back—great if you’ve made a mistake, not so great if someone else gets access to your account or computer and pulls back a few files from their digital graves. If there’s something sensitive you really want wiped, make sure that it really is wiped.

For Dropbox, for instance, you can go to the Deleted files page on the web, select the files to wipe, and click Delete permanently. With Google Drive, head to the Trash page in your browser, select the files to get rid of and click Delete forever (the trash can icon). If you log into OneDrive, you can click on the Recycle bin to permanently delete files, and so on.

Whenever you’re deleting any web accounts, it’s also a good idea to pull any third-party apps linking into them too, because your data could be replicated elsewhere. You can find the list for your Facebook account here, for example, and the list for your Google account here. Not all of these will have access to personal data, but some might.

Advertisement

Screenshot: Gizmodo

What else might you be leaving behind without realizing it? You’ll find that properly and securely deleting data and accounts only takes a little longer than just leaving them to gather (digital dust). It’s well worth that extra effort to protect any data leaking out that shouldn’t.

About the author

#####EOF##### It's Easy to Infect People With Malware If You Pay Them a Few Cents

It's Easy to Infect People With Malware If You Pay Them a Few Cents

Would you install malware on your computer if someone paid you to do it?

A team of four researchers found that 22 to 43 percent of their test subjects would download and run an unknown executable file for payments ranging from as low as $0.01 to $1.

Advertisement

The researchers used Amazon's Mechanical Turk to conduct the experiment. Participants were asked to download a program onto their systems and run it for an hour. They did not know what the program actually did. As the amount offered to run the program was increased from $0.01 to $10 over five weeks, the percentage of users who ran the program grew steadily and topped out at 43 percent.

The paper concludes that that "users are generally unopposed to running programs of unknown provenance, so long as their incentives exceed their inconvenience." Which means that instead paying for expensive botnets, hackers could simply pay their targets a few cents to gain access to their systems.

Convenient. [Carnegie Mellon via Engadget]

Advertisement

#####EOF##### ZDNet Blogger Disappears Mysteriously in Bulgaria

ZDNet Blogger Disappears Mysteriously in Bulgaria

This isn't good. Dancho Danchev, a ZDNet blogger specializing in malware and cybercrime, has been missing since August, thought to be somewhere in Bulgaria. ZDNet's only lead? This cryptic message: "Dancho's alive but he's in a lot of trouble."

Advertisement

That note came from a "local source," and all other attempts to contact Danchev have come up dry. ZDNet posted a letter Danchev wrote to a colleague in the malware field in September, suggesting that the government was displeased with his work:

[Name redacted],

As I consider you as a trusted colleague, and someone who understands the big picture of cyber crime and cyber espionage, I'm attaching you photos of the "current situation in my bathroom", courtesy of Bulgarian Law enforcement+intell services who've been building a case trying to damage my reputation, for 1.5 years due to my clear pro-Western views+the fact that a few months ago, the FBI Attache in Sofia, Bulgaria recommended me as an expert to Bulgarian CERT -> clearly you can see how they say "You're Welcome".

I'm sending you these not with the idea to see them published, but as an insurance in case things get ugly, knowing that a trusted third-party has access to these and can always distribute them to [redacted] mailing list members, and pretty much the entire industry, especially the press.

The LEO behind the whole operation: [ NAME REDACTED ]

I'm in a process of contacting journalists -> just in case.

I hope you're the trusted industry contact that I think you are, and you'll basically keep these somewhere safe. Thank you, and please use my PGP key.

Best regards

Advertisement

Apparently Danchev was convinced that the electronics were some sort of bug.

ZDNet posted the letter in hopes that someone will come forward with some information about Danchev's whereabouts, and we certainly hope that he'll turn up soon. [ZDNet]

#####EOF##### Hackers Reportedly Stole 600 Gallons of Gas From Detroit Gas Station

Hackers Reportedly Stole 600 Gallons of Gas From Detroit Gas Station

A gasoline station attendant pumps diesel into a car at a filling station on March 23, 2010 in Berlin, Germany.
Photo: Getty

Police in Detroit are looking for two suspects who allegedly managed to hack a gas pump and steal over 600 gallons of gasoline, valued at about $1,800. The theft took place in the middle of the day and went on for about 90 minutes, with the gas station attendant unable to thwart the hackers.

The theft, reported by Fox 2 Detroit, took place at around 1pm local time on June 23 at a Marathon gas station located about 15 minutes from downtown Detroit. At least 10 cars are believed to have benefitted from the free-flowing gas pump, which still has police befuddled.

Advertisement

Here’s what is known about the supposed hack: Per Fox 2 Detroit, the thieves used some sort of remote device that allowed them to hijack the pump and take control away from the gas station employee. Police confirmed to the local publication that the device prevented the clerk from using the gas station’s system to shut off the individual pump.

That isn’t a whole lot of information to go on. The most likely explanation seems to be that the attackers would target the fuel-management software used by the gas station. Motherboard pointed out earlier this year that at least one maker of such software was, at some point, vulnerable to attacks that would allow malicious actors to manipulate gas prices and steal fuel.

These systems have long been considered potential targets because many include web-based interfaces. Security firm TrendMicro reported in 2015 that a number of gas-monitoring systems were easy to find online using Shodan, a search engine for internet-connected devices, and other tools that can scan for open ports. Most of those systems were discovered to not be password protected, allowing anyone with enough know how to hijack the controls.

Advertisement

Even then, there’s a lot of unanswered questions regarding the theft, including what the device could have been and how it apparently blocked the gas station attendant from shutting down the pump. The employee described his experience during the incident to Fox 2 Detroit:

“I tried to stop it but it didn’t work,” Aziz Awadh told us. “I tried to stop it here from the screen but the screen’s not working. I tried to stop it from the system; nothing working (sic).”

Aziz says the system wouldn’t respond and it wasn’t until he says he got an emergency kit that he was able to shut the pump down, and then call police.

Advertisement

These types of gas thefts seem to have become a trend in the last couple months. Just a few days before the incident in Detroit, a man in Texas was accused of using a “device” to steal $800 worth of gas from a gas station after hours. Last month, it was discovered that a BP employee in New Jersey manipulated computer records for years to steal more than $300,000 worth of gas from the company.

[Fox 2 Detroit, Click On Detroit]

About the author

AJ Dellinger

Nights and weekends editor, Gizmodo

#####EOF##### The Head of the FTC Just Debunked the FCC's Favorite Excuse for Killing Net Neutrality

The Head of the FTC Just Debunked the FCC's Favorite Excuse for Killing Net Neutrality

Federal Communications Commission (FCC) Commissioner Brendan Carr answers a question from the media after an FCC meeting to vote on net neutrality, Thursday, Dec. 14, 2017, in Washington.
Photo: Jacquelyn Martin / AP

Two weeks before voting to rollback the net neutrality rules, FCC Commissioner Brendan Carr wrote an op-ed for the Washington Post in which he laid out his case for killing off the policy that ensured a free and open internet. In it, he offered up one widely-disputed argument for doing so: that blocking, throttling, and the use of so-called “fast lanes” by internet service providers would violate antitrust laws. The Federal Trade Commission (FTC), Carr wrote, would handle it. This week, the Chairman of the FTC said that’s not necessarily true.

“Reversing the FCC’s Title II decision will return the FTC to its role as a steady cop on the beat and empower it to take enforcement action against any ISP that engages in unfair or deceptive practices,” Carr wrote. “Federal antitrust laws will apply.” Carr added that if ISPs “reached agreements to act in a non-neutral manner by unfairly blocking, throttling, or discriminating against traffic, those agreements would be per se unlawful.” (Emphasis ours.)

Advertisement

Three days ago, however, FTC Chairman Joseph Simons—a Republican, like Carr, appointed by President Trump—publicly debunked Carr’s claim. “Blocking, throttling, or paid prioritization would not be per se antitrust violations,” he said, in a speech at the National Press Club.

Simons expanded on his view of the matter, comparing the idea of paid prioritization to that of grocery store “coupons” and “Happy Hour discounts.”

Paid prioritization is a type of price discrimination, which is ubiquitous in the economy. For example, think about when you walk into grocery store. Some customers get lower prices because they cut out coupons. Others might get a seniors discount. Others might get 2% off with their credit card. Yet others get discounts because they have a loyalty card with that supermarket. Those of us who go to the afternoon movie matinees will generally pay less, and those of us willing to show up at a restaurant before 6 pm might get the benefit of a lower priced menu. And of course, let’s not forget Happy Hour discounts.

Advertisement

Added Simons: “For those of you who live locally, think about the express toll lanes on interstates 95 and 66. Or think about Amtrak’s Acela service to New York, which is faster and more expensive than the local trains. Clearly, our transportation authorities think that allowing people to pay more for faster service is at least sometimes beneficial.”

Simons’ argument that the FTC can’t (or won’t) penalize ISPs for such schemes isn’t news. Carr’s claim that the FTC would step in and shield consumers from ISPs attempting to manipulate internet speeds for profit—a talking point parroted by the industry itself—was widely refuted by legal experts prior to the vote.

A month before Carr’s op-ed, Ferras Vinh, a policy counsel for the Center for Democracy & Technology, told a House subcommittee that the FTC lacked “the rulemaking ability and the deep subject matter expertise of the FCC to protect consumer rights.”

Advertisement

“Without the authority to make rules, the FTC can only pursue violations of net neutrality and consumer privacy after the fact,” added Vinh.

As FCC Commissioner Jessica Rosenworcel explained in her dissent on the day the net neutrality rules were repealed, the scope of FTC enforcement is largely limited to what the law considers unfair and deceptive practices. “But to evade FTC review,” she said, “all any broadband provider will need to do is add new provisions to the fine print in its terms of service.”

Nevermind the fact that average consumers are unlikely to be well versed on what constitutes an antitrust violation, fewer still ever read the terms and conditions of a broadband service agreement. (It’s been repeatedly proven that very few Americans read service agreements, much less comprehend the implications. It has also been found that due to a large number of contracts that internet users must “agree” to, doing so would consume an absurd amount of time. One study found that privacy policies alone would take 76 work days to consume.)

Advertisement

With a member of his own party now debunking his argument for repealing net neutrality—a key agency official, no less, whom Carr assured us would safeguard internet users in his place—Carr’s op-ed for the Post can finally be seen by everyone for what it always was: propaganda aimed at helping ISPs engage in discriminatory practices absent the fear of regulatory reprisal.

The FCC did not respond to a request for comment.

[FTC]

Advertisement

About the author

Dell Cameron

Privacy, security, tech policy | Email: dell@gizmodo.com | XMPP: dell@jabber.ccc.de

PGP Fingerprint: A70D 517E FB9A 02C9 C56E 86D5 877E 64E7 10DF A8AE • PGP Key

OTR Fingerprint: 2374A8EA 6D2B7712 0D82D659 C0FE8253 A3F080FD

#####EOF##### Gizmodo - Video
#####EOF##### Design - Tech and Science Tips, Reviews, News And More. | Gizmodo

Design

Gizmodo Design brings you thoughtful analysis of why our products and systems look and work in the way that they do. We take a people-centric approach to covering gadgets, software, architecture, and more.

Advertisement

Want Gizmodo’s email newsletter?
#####EOF#####